funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: "Joe Jaroch (Tera Innovations, Inc.)" <security () terainnovations com>
Date: Wed, 28 Dec 2005 16:25:27 -0600

This is bugging me....
Is there any reason at all NOT to have a vetting procedure? I know, yes, freedom of speech and all that jazz... but really, when discussing things that can cause damage - guns are not handed out freely, everyone doesn't have the material to build nuclear weapons, and (as aforementioned), biological viruses are not given out to anyone. How many new spyware/antivirus researchers are there out there? How many people are going to end up infecting themselves when they test out your samples? Even if it [the admission process] is somewhat lax, it would probably deter a lot of malware writers if you do at least somewhat of a background check on them, or, require the need of a 'resume' of sorts (companies worked at, AV/Security contacts that can vouch for them). There are not 10 people a day that just wake up and decide - "Oh, I think I'll start researching how to analyze malware today!". We don't need script kiddie 'antivirus researchers'.

I have also wanted a public virus research system, but in mine, it was much different. Instead of allowing everyone to download the files, they can ONLY browse the MD5s of the files. This would allow antivirus researchers to cross-check new samples that they got to determine what definition name to add. As for a public system to allow EVERYONE to download samples, that doesn't seem legitimate. Ask almost any person with 2/3rds of a brain: "I am thinking of opening a website where anyone and everyone can download, distribute and release viruses, spyware, and other malicious buggers" and they would object to it.

It is a good thing to have, but without any admission moderation, it is irresponsible. There are a lot of virus collections online (don't want to name them here), but ironically, almost all of them are run by known virus writers or virus collectors.... wonder what the correlation is there......

(P.S. - your download links are wrong. http://www.offensivecomputing.net//usr/local/apache2/htdocs/offensivecomputing/drupal/files/active/0/ -- something -- should be http://www.offensivecomputing.net/files/active/0/ -- something -- )

Just my $0.02,

-Joe Jaroch
Tera Innovations, Incorporated.
http://www.viruscape.com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

